SUSE CVE-2022-43357

Stack overflow vulnerability in astselectors.cpp in function Sass::CompoundSelector::hasrealparentref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service DoS. Also affects the command line driver for libsass, sassc 3.6.2...

AZL-43987 CVE-2022-43358 affecting package libsass 3.6.3-3

Stack overflow vulnerability in astselectors.cpp: in function Sass::ComplexSelector::hasplaceholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service DoS...

OSV-2020-1486 Bad-cast to Sass::PreValue from Sass::Unary_Expression

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15896 Crash type: Bad-cast Crash state: Bad-cast to Sass::PreValue from Sass::UnaryExpression Sass::SharedImpl::SharedImpl Sass::Parser::parsevalueschema...

CVE-2017-16040

gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

UBUNTU-CVE-2018-11499

A use-after-free vulnerability exists in handleerror in sasscontext.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service application crash or possibly unspecified other impact...